Rewards by severity

No-fix - $0
Low - $50
Medium - $200
High - $500
Critical - $2000

Explanation:

No-fix
Not considered a security vulnerability and will not be fixed. No impact on clients, data, or system security, and no realistic attacker incentive or exploit path.

Low
No real security impact
Example: missing security headers

Medium
Limited impact or requires user interaction
Example: reflected XSS that only affects the user who clicks the link

High
Unauthorized access to other users’ data or actions
Example: IDOR allowing access to another user’s data without their interaction

Critical
Full compromise of accounts or system
Example: account takeover or remote code execution